We have moved to GitHub Issues
Created by John Lilley 18 Apr 2013, 06:21:17 Updated by Shannon Deminick 18 Oct 2013, 05:30:43
Relates to: U4-532
Relates to: U4-3084
Relates to: U4-3089
Relates to: U4-3158
Relates to: U4-3174
Relates to: U4-3057
I have recently moved from Umbraco 4.7 to 6.0 which has been a smooth process (mostly) but I have noticed that the membership provider is not quit working how I would expect compared to 4.7?
In the web.conf I have the following set:
The values for parameters like 'umbracoApprovePropertyTypeAlias', 'umbracoLockPropertyTypeAlias' and 'umbracoFailedPasswordAttemptsPropertyTypeAlias' match to those properties (Property Alias) as set for the Member type (vcMemberRegistered) in Umbraco.
What I am finding (for example) is that if a website member tries to login to my website and fails (because the password is incorrect) the failed password attempts (memberFailedLogins) is not being incremented.
Its is also the same if you take the 'memberIsLocked' property. In Umbraco if I set this value to true (member is locked), he or she is still able to login?
In 4.7 this all worked seamlessly, setting the UmbracoMembershipProvider parameter to correspond to the umbraco Member Type took care of any failed attempts and whether a member was approved or locked?
My C# code has not changed (and is pretty standard for validating a member, e.g. System.Web.Security.Membership.ValidateUser(sMemberUsername, sMemberPassword)).
I just want to check if there have been any code changes between 4.7 and 6 around membership and how this works, whether this is a bug (none of the Umbraco parameters for the provider seem to work) or whether there is anything specific which now needs to be done in 6.0?
The Membership Provider has not been changed in a very long time, and the only thing that's been slightly changed in relation to members in umbraco is how a Member is saved, but that's only internally in the save method on the member class as far as I remember.
Thanks for letting me know. I will investigate further and see what I can find.
One thing though ... You say that a property like memberFailedLogins is not being incremented. Is that something you handle in your own code? In v6 we had a breaking change where you have to call .Save() on all the common objects like Document, Media, Member etc. in order for the changes to actually persist. This wasn't necessary in v4.x
Is the minRequiredPasswordLength property working for you? I´m currently under Umbraco v6.0.3, this is what i have on my web.config:
But when i enter the backEnd as an administrator i can change any user´s pwd to lets say "123", so it looks like it´s ignoring minRequiredPasswordLength="25". I would really appreciate some help with this subject.
Unfortunately not. Since going from 4.7 to 6 I have found that most of the Membership parameters for my are not working. I actually just created my own methods to get around the issue.
This was the provider for my usermemebership though (website users logging into my application rather than the UmbracoMembershipProvider) where in your case you are talking about the backend stuff (which I have not really tested).
I submitted a pull request for a fix to this issue:
@David Pull request accepted, thanks! I won't be able to set this issue to Fixed as it is broader than that.
I'd love to hear which exact other paramaters aren't working so we can have a look at those too (John, for which ones did you have to create workarounds please?).
Apologies for the delay, been contracting for a couple of weeks and this post did not pop up on my feed.
With the Membership parameters when I was testing the following did not work:
What I did to get around this was just to build these processes into my methods when members register/login (e.g. if login fails 3 times I set the lock property of the member so he/she account is not accessible).
Hope this helps.
I've been updating/fixing a bunch of issues around the membership providers this week. Now that most are fixed I've also tested this, here's my config:
I've tested all of these fields and they are updating correctly.
All the membership fixes currently are in a custom 6.2 branch and all is working at revision: a87e699f8df24f94b031cfb85adc0576d4a65ea8
I just need confirmation from Sebastian that it can all be merged in.
Assignee: Shannon Deminick
Backwards Compatible: True
Fix Submitted: Pull request
Affected versions: 6.0.3, 6.0.4, 6.0.5
Due in version: 7.0.0, 6.2.0